
Re: U-Prove

From: Anders Rundgren <anders.rundgren.net@gmail.com>
Date: Fri, 30 Dec 2016 14:57:22 +0100
To: Phil Archer <phila@w3.org>, Credentials Community Group <public-credentials@w3.org>
Message-ID: <064c4e3d-433c-c410-a142-97011d175a10@gmail.com>

On 2016-12-30 11:42, Phil Archer wrote:
> Dear all,
>
> Can I ask this group for a view on U-Prove [1] please? In particular,
> the privacy aspects that appear to be superior to the architecture
> proposed for the VCWG. The issue boils down to trackability.

You are right. U-Prove is a superior technology from a privacy point of view.

Since Microsoft hired the principal inventor as well as bought his company for a substantial sum, a question comes to my mind:
Why hasn't Microsoft itself commercialized/popularized this technology more?

I believe there are multiple reasons including:
- Lack of real-world use cases
- Difficult user interfaces
- No working business model for issuers

Then there is a fundamental issue with *all* privacy-preserving systems:
If the receiver of a verified claim doesn't respect your privacy, it doesn't matter how smart your privacy-preserving scheme is.

An example of the latter is the scheme imposed by the EU for protection of fingerprints in e-passports, which I have had the "pleasure" to be involved with as a developer.
The idea is that only "good states" should be able to read/verify your fingerprint which is assured through an extremely sophisticated (read: complex) PKI-based access control scheme known as EAC/SPOC.
However, immediately after you have put your finger on a border-control fingerprint-reader the "bad state" may record it anyway.
It goes without saying that all EU governments bought into this!  https://en.wikipedia.org/wiki/The_Emperor's_New_Clothes

If we take FIDO/WebAuthentication, it offers unlinkability. But even in this case it is unclear if unlinkability actually is achievable, since hardly any service provider (of any value to a user) accepts registrations without a verified e-mail address. Since e-mail addresses are GUIDs (Globally Unique IDs), only people with specific interests in privacy (=having multiple e-mail addresses) will in reality benefit from the FIDO privacy protection scheme, which IMO severely reduces the value of *that* particular aspect of FIDO.



Regards,
Anders

>
> Thanks
>
> Phil
>
> [1] https://www.microsoft.com/en-us/research/project/u-prove/
>
Received on Friday, 30 December 2016 13:57:58 UTC
